My presentation from SharePoint Saturday UK 2013. In this session we looked at some of the questions you need to ask yourself and your potential Cloud Provider before deciding to move your corporate content into a Cloud environment.

1. When do you decide to
go to The Cloud?
SharePoint Saturday UK – November 2013 – Mark Stokes

2. Mark Stokes

Red Plane

Microsoft Partner in North West UK

www.redplane.co.uk

@FlyRedPlane

Office 365, SharePoint, Azure, nopCommerce, Windows 8 Apps, Windows Phone
Apps, iOS Apps, .Net

mark.stokes@redplane.co.uk

@MarkStokes

Interests: SharePoint, Technology, Photography, Raspberry Pi, Snowboarding,
Wakeboaring, Running, Tough Mudder (maybe!), My Dog - Hugo

3. Agenda

What does the Cloud mean to us?

What the marketing tells you

What the marketing doesn’t tell you

Trust – Security & Privacy

Control

Cost / Benefits

Some other things to think about

Job Security – The end of the IT Pro?

4. What does The Cloud mean to us?

Types of cloud

Cloud Offerings


SaaS

Private Cloud

PaaS

Community Cloud

IaaS


On-Premises
Public Cloud

DaaS
Characteristics (NIST)

On-demand self-service

Broad network access

Resource pooling

Rapid elasticity

Measured service

5. What the marketing tells you

No upfront “infrastructure” costs

Simple per user per month licencing cost

It’s always there (99.9% uptime – Financially backed!)

Access Anywhere, Anytime on Any Device

You will save money

It’s quick, easy and idiot proof

There is no downside

It’s the future

We are “all in”

It what you should be doing…..

6. What the marketing doesn't tell you

Upfront Costs

Awareness, education and training on new systems

You still need to “design” your cloud environment

You still need to migrate your content into The Cloud

You might need to invest in faster / more robust Internet connectivity

De-provisioning costs of existing infrastructure

Supporting Architecture – DirSync / ADFS – Single Sign-On

Vendor Lock-in

Lack of control of the platform

You will (should) save money if you do it right and have a medium to long term
strategy

How good is your MS Partner at setting up and configuring the services?

7. Service Continuity

Redundancy

Monitoring


Internal monitoring built to drive automatic
recovery

Data redundancy with robust failover capabilities

Outside-in monitoring raises alerts about incidents


Physical redundancy at server, datacenter, and
service levels
Functional redundancy with offline functionality

Extensive diagnostics provide logging, auditing, and
granular tracing
Resiliency



Automated failover with human backup


Active load balancing
Recovery testing across failure domains

Distributed component services like Exchange
Online, SharePoint Online, and Lync Online limit
scope and impact of any failures in a component

Directory data replicated across component
services insulates one service from another in any
failure events

Fully automated deployment models, making
deployment easier than ever


Standardized hardware reduces issue isolation
complexities

Distributed services

Simplification
Standard built-in management mechanism
Human backup

Automated recovery actions with 24/7 on-call
support

Team with diverse skills on the call provides rapid
response and resolution

Continuous improvement by learning from the oncall teams
Simplified operations and deployment

8. Service Continuity

Continuous learning


Our post-incident review consists of analysis of
what happened, our response, and our plan to
prevent it in the future


If an incident occurs, regardless of the
magnitude of impact we do a thorough postincident review every time
In the event your organization was affected by
a service incident, we share the post-incident
review with you
Consistent communication

Transparency requires consistent
communication, especially when you are using
the service

We have a number of communication channels
such as email, RSS feeds, and the very
important and highly relevant Service Health
Dashboard

Consistent communication

9. Trust - Security

Is your Cloud Provider Secure?

Do you “Trust” your cloud provider with your data?

What accreditations does you Cloud provider have (e.g. IL2 / IL3)

Are there any recorded security breaches?

What level of security to you actually need?

Could YOU do a better job of securing your own data?

Security of Data at Rest

Security of Data in Transit

10. Trust - Privacy / Data Protection

Where is your data?



The laws of the land in the location where your data is stored
Check the small print of your Service Providers Terms and Conditions
Who owns your data?

And what can they do with it?

PRISM

Safe Harbor

Additional questions are:

Just how private is your data REALLY?

Are hackers REALLY going to be interested in YOUR data?

If yes, then can your Cloud provider provide “at least the same” level of privacy control that
you could do yourself?

11. PRISM

Clandestine mass electronic surveillance data mining program

Operated by the US National Security Agency (NSA) since 2007

Collects stored Internet Communications based on demands made to Internet companies such
as Google, Microsoft, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL, Apple

Provides – E-mail, Chat (Video & Voice), Videos, Photos, Stored data, VoIP, File
Transfers, Video Conferencing, Notifications of target activity (logins, etc), Online Social
Networking details, Special Requests

US as a World’s Telecommunications Backbone

Much of the worlds communications flow through the US

A target’s phone call, e-mail or chat will take the cheapest path, not the physically most
direct path – you can’t always predict the path.

A target’s communications could easily be flowing into and through the U.S.

12. US-EU Safe Harbor

Streamlined process for US companies to comply with EU Directive on the
protection of personal data

Companies operating in the EU are not allowed to send personal data to
countries outside of the European Economic Area unless there is a guarantee
that it will receive adequate levels of protection

Intended for organisations within the EU or US that stores customer data, the
Safe Harbor Principles are designed to prevent accidental information
disclosure or loss.

US companies can opt into the program as long as they adhere to the 7
principles outlined in the directive.

13. US-EU Safe Harbor Principles

Notice – Individuals must be informed that their data is being collected and
how it will be used

Choice – individuals must have the ability to opt out of the collection and
forward transfer of the data to third parties

Onward Transfer – Transfers of data to third parties may only occur to other
organisations that follow adequate data protection principles

Security – Reasonable efforts must be made to prevent loss of collected data

Data integrity – Data must be relevant and reliable for the purpose it was
collected for

Access – Individuals must be able to access information held about them, and
correct or delete it if it is inaccurate

Enforcement – There must be effective means of enforcing these rules

14. Control - Or rather the lack of

You no longer control the platform

You no longer have control over platform updates

What warning / communication do you have of impending updates?


How do you test your configuration / customisations against impending updates?
What support capability is offered? /what are the SLAs?

15. Cost benefits

Compare on-premises to cloud for certain scenarios

Focus on running your company rather than being an IT company that makes some
widgets

Short, medium or long term investment?

Capital Expenditure to Operational Expenditure

16. CapEx vs OpEx
CAPEX
OPEX
Definition:
OPEX refers to expenses incurred in the course
Capital expenditures are expenditures creating future benefits. A
of ordinary business, such as sales, general
capital expenditure is incurred when a business spends money either
and administrative expenses (and excluding cost
to buy fixed assets or to add to the value of an existing asset with a
of goods sold – or COGS, taxes, depreciation and
useful life that extends beyond the tax year.
interest).
Also known as:
Capital Expense
Accounting treatment:
Cannot be fully deducted in the period when they were incurred.
Operating expenses are fully deducted in the
Tangible assets are depreciated and intangible assets are amortized accounting period during which they were
over time.
incurred.
In throughput accounting:
Money spent on inventory falls under CAPEX.
The money spent turning inventory into
throughput is OPEX.
In real estate term:
Costs incurred for buying the income producing property.
Costs associated with the operation and
maintenance of an income producing property.
Examples:
Buying machinery and other equipment, acquiring intellectual
property assets like patents, furniture and fixtures
Wages, maintenance and repair of machinery,
utilities, rent, SG&A expenses, license fees,
office running expenses
Operating Expenditure, Revenue Expenditure
http://www.office365-singapore.com/microsoft-office-365/office-365-opex-cost-savings/

17. Things to think about

Content Migration

Connectivity



Internet Connectivity
Cloud connectivity to on-premises LOB applications
Features


Do you need features your chosen cloud doesn't have / support?
Customisations

Developing

Deploying

Maintenance / Support - Third Party Support Contracts (changes to the platform
might break your code)

18. Job Security – The end of the IT Pro?

19. Thanks to our
Sponsors

20. Thank you…